Wireshark-dev: Re: [Wireshark-dev] Unable to add my dissector for tcp.dstport
From: "Abhik Sarkar" <[email protected]>
Date: Fri, 11 Jan 2008 14:57:45 +0400
Hi Vikas,

Assuming 50505 is the port on which a server is listening for
connections for a particular protocol, wouldn't you want your
dissector to also dissect the responses from the server? In case of
the responses, the source port would be 50505.

If you really want to dissect only packets where the destination port
is 50505, then you could register the protocol using the tcp.port
table and then add a check in your code to immediately return if the
source port is 50505 and proceed with dissection only when the
destination is 50505.

Hope this helps.
Abhik.

On Jan 11, 2008 12:02 PM, Vikas Jain <[email protected]> wrote:
>
>  Hi,
>
> I am developing a dissector for my protocol that uses TCP as the underlying
> layer and dissects messages that are destined for TCP destination port of
> 50505.
>
> I did the following implementation for my proto_reg_handoff* method:
>
> void proto_reg_handoff_foo()
> {
>     dissector_handle_t foo_handle;
>     foo_handle = new_create_dissector_handle(dissect_foo, proto_foo);
>
>     /* The following statement seems to cause an assertion when I run the
> Wireshark executable. I get an assertion on line 697 packet.c file saying
> assertion failed on sub-dissectors */
>     dissector_add("tcp.dstport", 50505, foo_handle);
>
>     /* If instead of above statement, I do the following, then it is fine */
>     dissector_add("tcp.port", 50505, foo_handle);
>
> }
>
> I presume that if keep tcp.port in my dissector_add invocation, my dissector
> is going to be invoked even when tcp.srcport is 50505. I want my dissector
> to be invoked only when a tcp destination port is 50505.
>
> Any help would be greatly appreciated. I am developing on Wireshark 0.99.7
> released sources and on windows platform.
>
> Thanks,
> Vikas
>
>
> ________________________________
> It's about getting married. Click here! Try it!
> _______________________________________________
> Wireshark-dev mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
>